[c-nsp] PPPoE and HTTP Redirect
Eugene Grosbein
eugen at grosbein.net
Sat Oct 3 02:59:41 EDT 2020
03.10.2020 12:52, Scott Miller wrote:
> Hello all, I’m looking for some recommendations. I have a customer, an
> ISP, who is doing PPPoE for residential and “some” smaller business
> accounts. PPPoE terminated on an ASR9010, DaloRadius for authentication
> and IP assignments. DaloRadius is configured for static IP per customer.
> All that is working fine. Recently, we enabled HTTP redirect on the 9010
> because the customer wanted to try out a walled garden for past due
> accounts. So, past due accounts are handed a static 10.x.x.x IP, and
> password changed. Next time customer re-auth’s, they get the 10.x IP
> because of the bad pass, and put into the HTTP redirect jail, and are
> supposed to be redirected to a http site. “Sometimes” http redirect works,
> sometimes it doesn’t. It seems as though it depends on the destination
> address the end user is trying to go to.
>
> At any rate, the ISP is wanting to investigate something else for PPPoE and
> their walled garden. Has anyone used anything else successfully for PPPoE
> auth, and walled garden jail? Something that is a bit more seamless? The
> ISP has their own home-brewed billing/account software, and just wants a
> redirect to their landing page to work each time when a customer is
> disconnected for non-pay. I have not done a lot with PPPoE myself, so
> reaching out for possible 3rd party solutions that can do all-in-one.
I'm pretty sure the problem occurs due to HTTP/HTTPS differences,
so for a plain unencrypted HTTP user request it works, but for HTTPS it does not, and should not.
HTTPS is made to prevent such in-the-middle embedding from working.
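
The HTTP/HTTPS difference described in the reply above, as an added example that is not part of the original message or of any Cisco or DaloRadius code: a redirector looks at the first client bytes of an intercepted flow and can only answer usefully when they are a plaintext HTTP request. The portal URL, function names and sample payloads are assumptions constructed for the illustration.

```python
"""Added illustration: what a walled-garden redirector can answer, by protocol."""
import struct

PORTAL_URL = "http://portal.example.net/past-due"  # hypothetical landing page

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client bytes of an intercepted TCP flow."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type 0x16 (handshake), version 0x03xx, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(payload) >= 6:
        rec_type, major, _minor, _length = struct.unpack("!BBBH", payload[:5])
        if rec_type == 0x16 and major == 0x03 and payload[5] == 0x01:
            return "tls"
    return "other"


def redirector_reply(payload: bytes):
    """Return the bytes the redirector can usefully send, or None."""
    kind = classify_first_bytes(payload)
    if kind == "http":
        # Plaintext request: the client parses whatever answers it, so a 302 works.
        return (
            "HTTP/1.1 302 Found\r\n"
            f"Location: {PORTAL_URL}\r\n"
            "Cache-Control: no-store\r\n"
            "Content-Length: 0\r\n"
            "Connection: close\r\n\r\n"
        ).encode("ascii")
    # TLS: the client expects a ServerHello and a certificate valid for the
    # name it asked for. The redirector holds no such key, so any injected
    # reply ends in a handshake failure or certificate error, not a redirect.
    return None


# Constructed samples, not captured traffic.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLE_TLS = bytes.fromhex("160301002e0100002a0303") + b"\x00" * 40

if __name__ == "__main__":
    for name, data in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS)):
        reply = redirector_reply(data)
        print(name, "->", reply.split(b"\r\n")[0] if reply else "no redirect possible")
```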